----- Original Message -----
From: "Takeshi Imamura" <IMAMU@jp.ibm.com>
To: "Joseph Ashwood" <jashwood@arcot.com>
Cc: <xml-encryption@w3.org>
> I'm not sure why entire
> signed data also needs to be encrypted.
Just as a method of showing that the data should not be altered. With the
existence of a signature potentially completely obscured (which is
reasonable with the encrypt-the-signature ideology) it will not normally be
obvious that the data cannot be changed without viewing what is encrypted.
It would be possible to get this effect with some form of a don't-touch-this
tag, but by encrypting it you enforce that policy. It's just a clarifying
factor.
Additionally, there should be no case where someone wants to encrypt the
signature without encrypting the data that is signed. The signature only
asserts the validity of the information; if a portion of the data is
encrypted, the underlying hash of the signature can be attacked (albeit with
very low probability of success). The result is that (from the attacker's
perspective) it is far more important to know the data (any part of the
data) than to know the signature.
Joe
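An added example, not from this thread or from the XML Encryption or XML Signature specs, contrasting the two layouts Joe describes: signature encrypted with the data left in clear versus the whole signed element encrypted. HMAC-SHA256 stands in for the XML Signature, a toy SHA-256 counter-mode XOR stream stands in for the real XML Encryption cipher, and the keys, element names and sample data are all constructed for the example.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample keys; in real XML Signature / XML Encryption they come from key management.
SIGN_KEY = b"constructed-signing-key"
ENC_KEY = b"constructed-encryption-key"

def sign(data: bytes) -> str:
    """Stand-in for an XML Signature value: HMAC-SHA256 over the signed data."""
    return hmac.new(SIGN_KEY, data, hashlib.sha256).hexdigest()

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher standing in for the real XML Encryption
    algorithm (e.g. AES); the same call encrypts and decrypts."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def signature_only_encrypted(data: str) -> str:
    """Layout A: the data stays in clear text and only the signature is encrypted."""
    enc_sig = xor_cipher(ENC_KEY, sign(data.encode()).encode()).hex()
    return f"<Doc><Data>{data}</Data><EncryptedData>{enc_sig}</EncryptedData></Doc>"

def signed_data_encrypted(data: str) -> str:
    """Layout B (the one argued for above): data and signature are encrypted together."""
    signed = f"<Signed><Data>{data}</Data><Signature>{sign(data.encode())}</Signature></Signed>"
    return f"<Doc><EncryptedData>{xor_cipher(ENC_KEY, signed.encode()).hex()}</EncryptedData></Doc>"

def data_visible_without_key(doc: str) -> bool:
    """Can an intermediary who lacks ENC_KEY read the data, and so be tempted to edit it?"""
    return ET.fromstring(doc).find("Data") is not None

def verify_layout_a(doc: str) -> bool:
    """Key holder decrypts the signature and checks it against the clear-text data."""
    root = ET.fromstring(doc)
    data = root.find("Data").text.encode()
    sig = xor_cipher(ENC_KEY, bytes.fromhex(root.find("EncryptedData").text)).decode()
    return hmac.compare_digest(sig, sign(data))

def verify_layout_b(doc: str) -> bool:
    """Key holder decrypts the whole signed element, then checks the signature inside it."""
    root = ET.fromstring(doc)
    signed = ET.fromstring(xor_cipher(ENC_KEY, bytes.fromhex(root.find("EncryptedData").text)))
    data = signed.find("Data").text.encode()
    return hmac.compare_digest(signed.find("Signature").text, sign(data))
```

In layout A an intermediary without the encryption key can read the Data element and alter it, and only the key holder notices later when verification fails; in layout B the data is not visible at all to anyone without the key, which is the "don't-touch-this" effect the message describes.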